Overview

overview

10

Static

static

8

candidature.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    candidature.doc

  • Size

    352KB

  • Sample

    250401-qvrcassjv7

  • MD5

    f3c3f773d98e50df994269a781856056

  • SHA1

    87b68d9101576bd238ebf11903bfb59b218f77fd

  • SHA256

    a9618ef6cc847483f8b0a7eab77fcddf4b92c2454215df3eda1b188111e55cda

  • SHA512

    5cce5ebbba57fa97a977899ed3ce779ce58e85f83b541a9ae81f2e894d5101dae2eaf13184cae00959a7e30b344a92b181d8943bbbea35ad49d9b788293ee0ab

  • SSDEEP

    6144:K8SxLqSmteyQgIplSeH5ODlzublpMmuIsLcKeT+ufnE7ZZzxsxZgn/F2iduGK05P:RSBqHteaIueHsDlK3zuTVe9PE7ZTsx+r

Score
10/10
executionmacromacro_on_action

Malware Config

Targets

    • Target

      candidature.doc

    • Size

      352KB

    • MD5

      f3c3f773d98e50df994269a781856056

    • SHA1

      87b68d9101576bd238ebf11903bfb59b218f77fd

    • SHA256

      a9618ef6cc847483f8b0a7eab77fcddf4b92c2454215df3eda1b188111e55cda

    • SHA512

      5cce5ebbba57fa97a977899ed3ce779ce58e85f83b541a9ae81f2e894d5101dae2eaf13184cae00959a7e30b344a92b181d8943bbbea35ad49d9b788293ee0ab

    • SSDEEP

      6144:K8SxLqSmteyQgIplSeH5ODlzublpMmuIsLcKeT+ufnE7ZZzxsxZgn/F2iduGK05P:RSBqHteaIueHsDlK3zuTVe9PE7ZTsx+r

    Score
    10/10
    execution

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks